Photon Door Lock Swaps Keys for a POST Request

At this point we’re all well aware of the fact that there is some inherent danger involved when bringing “things” onto the Internet. Nobody wants to come home to a smoldering pile of rubble because their Internet-connected toaster oven decided to get stuck on “Hades.” But even with the risks, occasionally we see projects that prove at least some intrepid hackers are managing to navigate the Internet of Things to solve real-world problems.

[Daniel Andrade] writes in to tell us about the Internet controlled entry system he’s set up at his new apartment, and while we imagine it’s not for everyone, we can’t deny it seems like it has improved his quality of life. Rather than giving all of his friends a copy of his key, he’s set up a system where anyone who has the appropriate link can “buzz” themselves in through the building’s existing intercom system.

Thanks to the old-school intercom setup, the hardware for this project is simple in the extreme. All [Daniel] needed was a relay to close the circuit on the door buzzer, and a way to fire it off. For his controller he chose the Photon from Particle, which is perhaps a bit overkill, but we all tend to work with what we’re personally comfortable with.

Most of the work went into the software, as [Daniel] ended up coming up with two distinct ways to control the door lock over the Internet. The first method uses Blynk, which allows you to create slick visual interfaces for mobile devices. His second version is controlled with a POST request to a specific URL, which he likes because it gives him more flexibility as to how he can interact with the lock. Currently he has a simple web page set up that lets friends and family open the door by just clicking a button.

We’ve seen a similar setup using the Photon to open a garage door, and plenty of people have taken to using Blynk to control their home automation setups. All the tools are available for you to roll your own IoT gadgets; you just need to figure out what to do with the things…

How to Mash Up BLE, NodeJS, and MQTT to Get Internet of Things

We’re living in the world of connected devices. It has never been easier to roll your own and implement the functionality you actually want, rather than live with the lowest common denominator that the manufacturer chose.

In a previous article I walked through a small Python script to talk to a BLE light and used it to cycle through some colors. Now I want to delve deeper into the world of Internet Connected BLE devices and how to set up a simple Internet-Of-Things light. With this example in hand the sky’s the limit on what you can build and what it will be able to do.

Join me after the break as I demonstrate how to use NodeJS to bridge the digital world with the physical world.

Welcome to the Internet of Swords

As has been made abundantly clear by the advertising department of essentially every consumer electronics manufacturer on the planet: everything is improved by the addition of sensors and a smartphone companion app. Doesn’t matter if it’s your thermostat or your toilet, you absolutely must know at all times that it’s operating at peak efficiency. But why stop at household gadgets? What better to induct into the Internet of Things than 600 year old samurai weaponry?

Introducing the eKatana by [Carlos Justiniano]: by adding a microcontroller and accelerometer to the handle of a practice sword, it provides data on the motion of the blade as it’s swung. When accuracy and precision count in competitive Katana exhibitions, a sword that can give you real time feedback on your performance could be a valuable training aid.

The eKatana is powered by an Adafruit Feather 32u4 Bluefruit LE and LSM9DS0 accelerometer module along with a tiny 110 mAh LiPo battery. Bundled together, it makes for a small and unobtrusive package at the base of the sword’s handle. [Carlos] mentions a 3D printed enclosure of some type would be a logical future improvement, though a practice sword that has a hollow handle to hold the electronics is probably the most ideal solution.

A real-time output of sword rotation, pitch, and heading is sent out by the Adafruit Feather over BLE for analysis by a companion smartphone application. For now he just has a running output of the raw data, but [Carlos] envisions a fully realized application that could provide the user with motions to perform and give feedback on their form.

Incidentally this isn’t the first motion-detecting sword we’ve ever covered, but we think this particular incarnation of the concept might have more practical applications.

New App Note Day: Internet of Pillows

The Internet of Things is a cancer that consumes all reasonable expectations of technology, opens vast security holes we’ve never had to deal with before, and complicates life in the pursuit of quarterly gains from whatever technology startup is hot right now. We are getting some interesting tech out of it, though. The latest in the current round of ‘I can’t believe someone would build that’ is the Internet of Pillows. No, it’s not a product, it’s just an application note, but it does allow us to laugh at the Internet of Things while simultaneously learning about some really cool chips.

The idea behind this ‘smart’ pillow is to serve as a snoring sensor. When the smart pillow detects the user is snoring, a small vibration motor turns on to wake up the user. There’s no connectivity in this smart pillow, so the design is relatively straightforward. You need a microphone or some sort of audio sensor, you should probably have a force-sensitive resistor so you know the pillow is actually being used, and you need a vibration motor. Throw in a battery for good measure. Aside from that, you’re also going to need a microcontroller, and that’s where things get interesting.

This application note was written as a demonstration of what Dialog’s GreenPAK devices can do. We’ve seen these things before, and the idea behind these devices is something like a ‘modern-day PAL’ or ‘a really, really limited FPGA’. It’s a bit more than that, though, because the GreenPAK devices are mixed-signal, there are some counters and latches in there, and all the programming is done through a graphical IDE. If you need a small, low-power chip that only does one thing, the GreenPAK is right up your alley.

So, how does this device detect snoring? The code pulls data from the sound sensor every 30 ms, with a 5 ms time window. If this sound repeats again within six seconds, it’s assumed the user is snoring. The logic then turns on the vibration motor, greatly annoying whoever is sleeping. All of this is done through a graphical IDE, which I’m sure will draw the ire of some, but there really aren’t that many pins or that many LUTs on GreenPAK devices, so it’s never going to get too out of hand.

The GreenPAK is a very interesting family of parts that we don’t see too much of around here. That’s a shame, because for low-power applications that don’t need a lot of horsepower, the GreenPAK seems like it would be very useful. Slightly more useful than an Internet of Things pillow, at least.

The Internet of Three-Pointers

When tossing something into the rubbish bin, do you ever concoct that momentary mental scenario where you’re on a basketball court charging the net — the game’s final seconds ticking down on the clock — making a desperate stretch and flicking some crumpled paper perfectly into the basket only for no one to notice your awesome skills? Well, now you can show off how good you are at throwing out garbage.

Well, not strictly garbage. The genesis of this IoT basketball hoop was in fact an inflatable ball on [Brandon Rice]’s desk that he felt would be more fun to fidget with if he could keep score. The hoop and backboard were laser cut on his Epilog cutter, and sport a Particle Photon to track and upload his running point tally to the Internet. An Arduino and IR sensor detect objects passing through the hoop — ultrasound proved to be too slow to keep up with [Rice]’s shots.

Memcached Servers Abused For DDoS Attacks

Cloudflare announced recently that they are seeing an increase in amplification attacks using memcached servers, and that this exploit has the potential to be a big problem because memcached is capable of amplifying an attack significantly. This takes DDoS attacks to a new level, but the good news is that the problem is confined to a few thousand misconfigured servers, and the solution is to put the servers behind a tighter firewall and to disable UDP. What’s interesting is how the fundamental workings of the Internet are exploited to create and direct a massive amount of traffic.

We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a specific brand of web camera, printer, or computer with unsecured firmware. Once the device is compromised, the malicious user can control the botnet and have it execute code. This code could mine cryptocurrency, upload sensitive data, or create a lot of web traffic directed at a particular server, flooding it with requests and creating a distributed denial of service (DDoS) attack that takes down the server. Since the server can’t distinguish regular traffic from malicious traffic, it can’t filter it out and becomes unresponsive.

This DDoS attack is limited to the size of the botnet’s bandwidth, though. If all the web cameras in the botnet are pounding a server as fast as they can, the botnet has reached its max. The next trick is called an amplification attack, and it exploits UDP. UDP (as opposed to TCP) is like the early post office; you send mail and hope it gets there, and if it doesn’t then oh well. There’s no handshaking between communicating computers. When a device sends a UDP packet to a server, it includes the return address so that the server can send the response back. If the device sends a carefully crafted fake request with a different return address, then the server will send the response to that spoofed return address.

So if the web camera sends a request to Server A and the response is sent to Server B, then Server A is unintentionally attacking Server B. If the request is the same size as the response, then there’s no benefit to this attack. If the request is smaller than the response, and Server A sends Server B a bunch of unrequested data for every request from the camera, then you have a successful amplification attack. In the case of memcached, traffic can be amplified by more than 50,000 times, meaning that a small botnet can have a huge effect.

Memcached is a memory caching system whose primary use is to help large websites by caching data that would otherwise be stored in a database or API, so it really shouldn’t be publicly accessible anyway. The immediate solution is to turn off public-facing memcached over UDP, but the larger solution is to think about what things you are making available to the Internet, and how they can be used maliciously.
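An added example (not from the original article or from the memcached project) of the check that fix implies: it reads a memcached options file and reports any UDP or TCP listener bound beyond loopback. The sample configs are constructed, and `udp_default_on` is an assumption the caller makes about what the installed build does when no UDP option is given.

```python
import ipaddress
import shlex

# Constructed samples in the one-option-per-line style of a memcached options file.
EXPOSED = "-m 64\n-p 11211\n-U 11211\n-l 0.0.0.0\n"
HARDENED = "# loopback only, UDP off\n-m 64\n-p 11211\n--udp-port=0\n-l 127.0.0.1,::1\n"

FLAGS = {"-p": "port", "--port": "port", "-U": "udp", "--udp-port": "udp",
         "-l": "listen", "--listen": "listen"}

def parse_options(text):
    """Collect the port, UDP port and listen options; other flags are ignored."""
    opts = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        i = 0
        while i < len(tokens):
            flag, _, value = tokens[i].partition("=")
            key = FLAGS.get(flag)
            if key and not value and i + 1 < len(tokens):
                i += 1
                value = tokens[i]  # "-U 0" form: the value is the next token
            if key and value:
                opts[key] = value
            i += 1
    return opts

def non_loopback(addr):
    """True unless addr is a literal loopback IP (names count as exposed)."""
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True

def audit(text, udp_default_on=True):
    """Return findings; udp_default_on is the caller's assumption (see lead-in)."""
    opts = parse_options(text)
    tcp = int(opts.get("port", 11211))
    udp = int(opts["udp"]) if "udp" in opts else (tcp if udp_default_on else 0)
    # With no listen option memcached binds every interface.
    exposed = [a for a in opts.get("listen", "0.0.0.0").split(",") if non_loopback(a)]
    findings = []
    if udp and exposed:
        findings.append(f"UDP port {udp} open on {','.join(exposed)}: can reflect spoofed requests")
    if exposed:
        findings.append(f"TCP port {tcp} open on {','.join(exposed)}: firewall it or bind to loopback")
    return findings

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

A private address such as 10.0.0.5 is still reported, since the audit cannot see whether a firewall sits in front of it.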

Finished Dryer Will Text You

Here’s a slightly different way to check on the status of your laundry. Instead of checking if the machine is vibrating, or listening for sound, or pulling everything apart and hacking an ESP8266 into it, check the power that the machine is drawing. This is what [Scrand] did in his IoT dryer build.

The secret behind the hack is the Sonoff POW, a small device that sits in between the wall and the dryer. It has a relay to switch the connected load, but, importantly for this hack, it’s able to measure the power drawn by what’s plugged into it. By installing the ESPurna firmware on it, he can now use all the power of the firmware to control and monitor what’s connected to the POW. He wrote a PowerShell script to monitor the HTTP server now running on the POW, checking on how much power is being drawn by the dryer. When that power drops, the laundry is done, and in the case of [Scrand], a text is sent saying so.

When you’re sitting on the couch relaxing, why get up every five minutes to check your laundry when you can have it text you when it’s done? Then you can decide whether to get up and deal with it or just leave it until later. The whole reason ESPurna exists to begin with is to check on the status of the laundry. Or, you can go a bit overboard with this laundry room monitor.